Critical Vulnerability Affecting Cisco Catalyst SD-WAN Manager

Published on 29 Sep 2023

Cisco has released security updates to address a critical vulnerability (CVE-2023-20252) in its Catalyst SD-WAN Manager, network management software that allows administrators to visualise, deploy and manage devices on wide area networks (WAN). The vulnerability has a Common Vulnerability Scoring System (CVSSv3.1) score of 9.8 out of 10.

The vulnerability stems from issues in the Security Assertion Markup Language (SAML) APIs. Successful exploitation could allow an unauthenticated, remote attacker to gain unauthorised access to an affected instance and/or cause a denial of service (DoS) condition on an affected system.

This vulnerability affects versions 20.9.3.2 and 20.11.1.2 but not older releases in the 20.9 and 20.11 branches.

Users and administrators of affected product versions are advised to upgrade to the latest product version immediately.

More information is available here:

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-vman-sc-LRLfu2z

https://www.bleepingcomputer.com/news/security/cisco-catalyst-sd-wan-manager-flaw-allows-remote-server-access/